WOOF! Newsletter

October 14, 2020

IT Security Practices of the Pros: How Do You Rate?

Every company needs dependable network-level protections against cyberattack, but that’s only half the equation. The other half is the human side of cybersecurity – how each employee behaves online while working. Use this scorecard to rate your company’s IT security behavior, in practice. Are you following best practices? Or do you need to make some changes?

TIME TO READ: 6 MINUTES

 

Cybersecurity is, and always will be, a two-sided effort. On one side, you have network-level protections for connectivity & data. We talked about these in our last issue, providing you with an  to rate your company’s security level. 

On the other side, you have security ‘practices’ among your team. Daily habits that protect your network from the "human element" in cybersecurity.

This WOOF contains an IT Security Practices Scorecard with the most effective, real-world IT security practices we know. Use it to test your team's security knowledge. Share it around and help everyone. Keep cyberattacks far, far away from your day-to-day activities!


How to Use the Scorecard

If you currently follow the security practice described, check the box. The objective? Check as many of these boxes as you're able.

Every box you don't check is a security practice you can (and should) implement. We've grouped these by topic for easier reference.

Give yourself 1 point for every box you check.  Total possible points = 26.

PASSWORD POWER

  • We require employees to change their network passwords every 6 months at a minimum. Every employee must use a complex password.
  • We enable MFA (multi-factor authentication) on our cloud and office applications, whenever possible.
  • Our employees must use password vault programs (instead of browsers) to store their passwords.

 

NETWORK SAFETY

  • We run firmware updates on our network gear (switches, firewalls, routers, Wi-Fi) quarterly, or sooner if the manufacturer announces a security risk.
  • We conduct mitigation on exploits found in our quarterly network vulnerability testing.
  • All remote employees must use a VPN or secured Wi-Fi hotspot when accessing the company servers.
  • Our company policy on remote access forbids use of an insecure Wi-Fi connection to access the company’s network.

 

SOFTWARE SAFETY

  • We do not run unsupported software on our servers or workstations.
  • We do not use pirated software.
  • We do not grant administrative rights to employee workstations.

 

DEVICE SAFETY

  • We regularly apply all security patches and Windows updates to our company workstations.
  • We implement encryption on all workstations.
  • All company workstations, devices, and mobile phones have password or PIN protection.
  • We have a corporate policy on device safety, and train our employees on how to travel safely with their company devices.
  • We asset tag our IT hardware (which forces recording of a device’s details), helping police recover stolen items and assisting with insurance claims.

 

TEAM SAFEGUARDS

  • Our employees are not allowed to purposes.
  • Employees with BYOD (Bring Your Own Device) must use a segregated guest network. These devices are not allowed on the company's network.
  • We provide cybersecurity best-practice training for our employees once a year.

 

LEAST PERMISSION

  • We provide our employees access only to the applications required to do their job.
  • Employees cannot share accounts for workstations, online services, Office 365/Google Workspace accounts, etc.
  • We terminate all separated employees' account access immediately upon their leaving the company (including Remote Desktop Services).

 

BUSINESS SAFETY NET

  • We conduct monthly security patching and software updates to our servers.
  • We test our server cloud backups for recoverability at least quarterly.
  • We test our workstation cloud backups for recoverability at least quarterly.
  • We test our Office 365/Google Workspace third-party backups for recoverability at least quarterly.
  • We have a Cyber Insurance policy that protects us from loss due to cyberattack.

 

TOTAL SCORE: ___ / 26

How did you do?  Is it time to make some changes?

The important thing is to start on the path. Even small changes can boost IT security overall. Contact your IT department or IT support company and discuss which of these practices would benefit your team the most right now.

Wherever you choose to start, commit to the practice. Get your team on board and figure out ways to test for compliance. Use team calendars to ensure completion. If necessary, push changes out company-wide, so the company’s IT stays safe and everyone stays productive.

We prepared a PDF version of this checklist as well. Download it in PDF format by clicking the image below.

 

Security Practices Don't Take Much Time...But You Must Keep Them Up

Now you see where both halves of the cybersecurity effort come from. Half technical protection, half team habits. With both, your chances of suffering a cyberattack drop as close to zero as possible.

Did you miss our popular IT Security Report Card last month?  Download it here:

Every PlanetMagpie customer will receive an IT Security Report Card filled out by their primary support tech, and then a call from a senior engineer to discuss shoring up their IT security. 

We are happy to conduct the same review for new customers. Want yours?

Related Articles
September 10, 2020
This "IT Security Report Card" Measures How Secure You Really Are
June 10, 2020
Is Your IT Ready for the Next Crisis? Robert's 8 Ways to Get You There
May 13, 2020
Sharing Account Passwords with Co-Workers? Time to Stop.